7 matches found

Tenable Nessus
added 2024/05/09 12:0 a.m. | 27 views

EulerOS 2.0 SP10 : golang (EulerOS-SA-2024-1589)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward...

CVSS 6.5 | AI score 7.1 | EPSS 0.00924
Exploits: 0 | References: 5
Veracode
added 2024/03/17 5:29 p.m. | 16 views

Sensitive Information Disclosure

go is vulnerable to Sensitive Information Disclosure. The vulnerability is due to errors returned from MarshalJSON methods containing user-controlled data, which can break contextual auto-escaping behavior, leading to unexpected content injection into templates...

CVSS 5.4 | AI score 7.3 | EPSS 0.00924
Exploits: 0 | References: 8 | Affected Software: 1
Tenable Nessus
added 2024/03/09 12:0 a.m. | 39 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.21 (SUSE-SU-2024:0811-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0811-1 advisory. - When following an HTTP redirect to a domain which is not a subdomain match or exact match of t...

CVSS 7.5 | AI score 7.2 | EPSS 0.02017
Exploits: 0 | References: 18
Prion
added 2024/03/05 11:15 p.m. | 37 views

Design/Logic Flaw

If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates...

AI score 6.6 | EPSS 0.00924
Exploits: 0 | References: 4
CVE
added 2024/03/05 10:22 p.m. | 380 views

CVE-2024-24785

CVE-2024-24785 affects Go's html/template: if MarshalJSON methods return errors containing user-controlled data, the contextual auto-escaping can be bypassed, allowing injection into templates (impact described across multiple advisories). Affected entities center on golang/html/template...

CVSS 5.4 | AI score 6.1 | EPSS 0.00924
Exploits: 0 | References: 6
Debian CVE
added 2024/03/05 10:22 p.m. | 31 views

CVE-2024-24785

If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates...

CVSS 5.4 | AI score 7.1 | EPSS 0.00924
Exploits: 0
Cvelist
added 2024/03/05 10:22 p.m. | 18 views

CVE-2024-24785 Errors returned from JSON marshaling may break template escaping in html/template

If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates...

AI score 7.6 | EPSS 0.00924
Exploits: 0 | References: 6